Privacy Policy

Last updated: 29 June 2026 · Controller: Rafael Janer, Spain · privacy@slpcommand.com

SLP Command ("the App") is an independent educational app that helps you prepare for STANAG 6001 / SLP-style English exams. This policy explains what personal data we process, why, and your rights.

1. Data we process

• Account data: your email address and a password hash (passwords are managed by our authentication provider — we never store them in plain text).
• Learning content you create: written responses (Writing skill), audio recordings (Speaking skill — optional), and transcripts generated from that audio.
• Performance data: scores, estimated SLP levels, exercise history, and the derived Adaptive Coach / Intelligence insights.
• Technical & diagnostic data: a pseudonymous user identifier, IP address (used transiently for rate-limiting and security), and crash/error diagnostics stripped of personal content.

We do not collect your name, contacts, or location. We do not use advertising identifiers. We do not track you across other apps or websites.

2. Legal bases — GDPR Art. 6

• Performance of a contract (Art. 6.1.b): providing your account, syncing progress, delivering exercises and feedback.
• Consent (Art. 6.1.a): transcribing and evaluating your audio with AI. This is optional — you can use the App without using Speaking.
• Legitimate interest (Art. 6.1.f): keeping the service secure, stable and improving it.

3. AI processing and sub-processors

To deliver AI-powered feedback, your content is shared with the following providers acting as processors:

• OpenAI — Whisper (speech-to-text transcription) and GPT models (evaluation of Speaking and Writing responses across fluency, grammar, vocabulary, coherence and task achievement).
• ElevenLabs — text-to-speech audio generation for listening exercises and pronunciation models.
• Supabase — relational database (scores, history, profiles), authentication, and audio file storage.
• Render — backend API hosting.
• Sentry — crash and error diagnostics. Request bodies and authorization headers are stripped before transmission; no personal content or audio is sent to Sentry.

4. International transfers

Some providers (including OpenAI, ElevenLabs, Render, and Sentry) may process data in the United States or other countries outside the EEA. Where this occurs, transfers rely on appropriate safeguards such as Standard Contractual Clauses (GDPR Art. 46).

5. Retention

• Audio recordings: retained only while you keep them. You can delete individual recordings from the App at any time. All audio is permanently removed when you delete your account.
• Account, history, scores, transcripts: retained for the life of your account, then permanently deleted within 30 days of account deletion.
• Diagnostic / error logs: retained short-term only (typically 30–90 days).

6. Your rights (EEA / UK — GDPR / LOPDGDD)

You have the right to access, rectify, erase, restrict, object to, and port your data. To exercise any of these rights, contact privacy@slpcommand.com. You may also lodge a complaint with your supervisory authority — in Spain, the AEPD.

In-app account deletion is available from Settings → Delete Account. See Delete Account for full details.

7. Audio data and biometrics

Audio recordings are processed solely for speech-to-text transcription and language evaluation. We do not use audio to identify you biometrically. Audio is classified as personal data under GDPR but not as a biometric identifier (Art. 9) because it is not processed for the purpose of unique identification.

8. Children

The App is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you become aware that a child has provided us with personal data, please contact privacy@slpcommand.com.

9. Changes to this policy

We will update this page and the "Last updated" date when this policy changes materially. Continued use of the App after a change constitutes acceptance.